The Week in Ransomware – March 26th 2021

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


Ransomware attacks against the enterprise continue in the form of Accellion data leaks, full-fledged ransomware attacks, and more ransomware gangs targeting Microsoft Exchange.

Early in the week, it was discovered that a threat actor was deploying the Black Kingdom Ransomware on Microsoft Exchange servers. By the end of the week, Microsoft estimates that approximately 1,500 exchange servers were targeted in this group’s attack.

The Clop ransomware gang has continued to leak data stolen in Accellion attacks, with this week’s victims being energy giant Shell, the University of Miami, and the University of Colorado.

We also saw an increase in standard encrypting ransomware attacks targeting enterprise victims, such as Sierra Wireless, Stratus, and insurance giant CNA.

On a different note, Danny Palmer wrote an interesting piece on how a company handled a recent ransomware attack and did not pay the ransom. 

Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @Ionut_Ilascu, @demonslay335, @jorntvdw, @PolarToffee, @malwrhunterteam, @FourOctets, @struppigel, @LawrenceAbrams, @malwareforme, @Seifreed, @DanielGallagher, @serghei, @VK_Intel, @fwosar, @CrowdStrike, @BrettCallow, @MalwareTechBlog, @MsftSecIntel, @fbgwls245, @siri_urz, @Amigo_A_, @dannyjpalmer, @campuscodi, @ValeryMarchive, and @alexscroxton.

March 21st 2021

New Pay2Decrypt variant

S!Ri found a new Pay2Decrypt variant that appends the .aes extension.

March 22nd 2021

Microsoft Exchange servers now targeted by Black Kingdom ransomware

Another ransomware operation known as ‘Black Kingdom’ is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers.

Energy giant Shell discloses data breach after Accellion hack

Energy giant Shell has disclosed a data breach after attackers compromised the company’s secure file-sharing system powered by Accellion’s File Transfer Appliance (FTA).

New Dharma ransomware variant

Jakub Kroustek found a new Dharma ransomware variant that appends the .bqd2 extension.

March 23rd 2021

Ransomware attack shuts down Sierra Wireless IoT maker

Sierra Wireless, a world-leading IoT (Internet of Things) solutions…